Page MenuHomePhabricator
Create Task
Maniphest T253843

Move helm chart repository out of git
Closed, ResolvedPublic
Actions

Description

It's a pain to always have to rebase CRs because the index.yaml has changed.

My suggestion is either have CI build the index or, even better, have CI do "helm package" as well.

We could also run an instance of https://chartmuseum.com/ (with swift backend?) and use the "helm push" plugin to package and push helm charts (authenticated) via CI.

Things that do not look nice:

Details

SubjectRepoBranchLines +/-
configmaster: add helm-charts to disc_desired_state.pyoperations/puppetproduction+2 -0
releases: Remove absent resourcesoperations/puppetproduction+0 -17
Remove helm repo (index.yaml and chart tars) from gitoperations/deployment-chartsmaster+0 -5 K
releases: Remove deployment-charts repooperations/puppetproduction+3 -3
blubberoid: remove out-dated repositories definitionoperations/deployment-chartsmaster+0 -4
changeprop: Update repository URL in requirementsoperations/deployment-chartsmaster+1 -1
eventgate: Update repository URL in requirementsoperations/deployment-chartsmaster+5 -5
Remove the repository definition from helmfilesoperations/deployment-chartsmaster+0 -200
mathoid: Change staging chart back to stableoperations/deployment-chartsmaster+1 -1
Remove the repository definition from helmfilesoperations/deployment-chartsmaster+2 -23
helm: Allow multiple helm repositoriesoperations/puppetproduction+15 -2
chartmuseum: Change repository name to stableoperations/puppetproduction+1 -1
chartmuseum: Fix inverted hostname and IPoperations/puppetproduction+4 -4
chartmuseum: Run timer command (ExecStart) in a shelloperations/puppetproduction+3 -3
chartmuseum: Add systemd timer to package and push chartsoperations/puppetproduction+58 -0
modules/systemd: Allow to define EnvironmentFile for timersoperations/puppetproduction+7 -0
ATS: Add backend for helm-charts.wikimedia.orgoperations/puppetproduction+5 -0
Add helm-charts discovery recordoperations/dnsmaster+4 -0
chartmuseum: fix typo in config templateoperations/puppetproduction+2 -2
prometheus: Switch chartmuseum scrape target to HTTPSoperations/puppetproduction+4 -0
chartmuseum: Ensure envoy connects via IPv4operations/puppetproduction+1 -1
Switch role for chartmuseum hosts to chartmuseumoperations/puppetproduction+1 -1
Fix chartmuseum hiera path (common/profile -> role/common)labs/privatemaster+0 -0
Add fake secrets for chartmuseumlabs/privatemaster+8 -0
Introduce chartmuseum[12]001operations/dnsmaster+8 -0
Add certificate for helm-charts (chartmuseum)operations/puppetproduction+25 -0
secret: add dummy key for helm-charts (chartmuseum)labs/privatemaster+3 -0
chartmuseum: Add initial module, profile and roleoperations/puppetproduction+224 -1
Add patches for swift auth and bind interfaceoperations/debs/chartmuseummaster+528 -0
Initial commit of debian directoryoperations/debs/chartmuseummaster+511 -0
Debian glue for operations/debs/chartmuseumintegration/configmaster+5 -0
Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

JMeybohm created this task.May 28 2020, 10:27 AM
Restricted Application added a subscriber: Aklapper. ยท View Herald TranscriptMay 28 2020, 10:27 AM
akosiaris triaged this task as Medium priority.May 29 2020, 2:17 PM
akosiaris subscribed.

My suggestion is either have CI build the index or, even better, have CI do "helm package" as well.

+1

We could also run an instance of https://chartmuseum.com/ (with swift backend?) and use the "helm push" plugin to package and push helm charts (authenticated) via CI.

+1 as well, altough we probably don't even need the helm push plugin (a bit less code to maintain, nothing against the plugin per se) and just do a curl --data-binary "@mychart-0.1.0.tgz" http://chartmuseum.discovery.wmnet:8080/api/charts

JMeybohm claimed this task.Jun 11 2020, 7:59 AM
JMeybohm moved this task from Incoming ๐Ÿซ to API Gateway ๐ŸฅŒ on the serviceops board.
gerritbot added a comment.Jun 16 2020, 3:11 PM

Change 605940 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/debs/chartmuseum@master] Initial commit of debian directory

https://gerrit.wikimedia.org/r/605940

gerritbot added a project: Patch-For-Review.Jun 16 2020, 3:11 PM
gerritbot added a comment.Jun 16 2020, 3:23 PM

Change 605945 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[integration/config@master] Debian glue for operations/debs/chartmuseum

https://gerrit.wikimedia.org/r/605945

gerritbot added a comment.Jun 16 2020, 3:28 PM

Change 605945 merged by jenkins-bot:
[integration/config@master] Debian glue for operations/debs/chartmuseum

https://gerrit.wikimedia.org/r/605945

gerritbot added a comment.Jun 19 2020, 10:21 AM

Change 605940 merged by jenkins-bot:
[operations/debs/chartmuseum@master] Initial commit of debian directory

https://gerrit.wikimedia.org/r/605940

Maintenance_bot removed a project: Patch-For-Review.Jun 19 2020, 11:10 AM
gerritbot added a comment.Jun 22 2020, 8:20 AM

Change 606956 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] WIP: chartmusum: Add initial module, profile and role

https://gerrit.wikimedia.org/r/606956

gerritbot added a project: Patch-For-Review.Jun 22 2020, 8:20 AM
JMeybohm added a subscriber: fgiunchedi.Jun 22 2020, 1:31 PM

I need to make decisions regarding TLS and storage:

Do we want to use envoy here (ChartMuseum is able to TLS termination as well)? I think it might be desirable as it prevents us from writing/maintaining TLS stuff in the ChartMuseum class/profile and the overhead is probably irrelevant here.

Storage:
It would be nice to have ChartMuseum active/active and it supports Swift as backend. I've asked @fgiunchedi about the multi-dc swift cluster that is used for thanos.

If that's not possible for whatever reasons (mostly reliability I guess), we would need to go active/passive and periodically sync the charts between the DCs.

@akosiaris what do you think?

akosiaris added a comment.Jun 22 2020, 2:00 PM
In T253843#6244473, @JMeybohm wrote:

I need to make decisions regarding TLS and storage:

Do we want to use envoy here (ChartMuseum is able to TLS termination as well)? I think it might be desirable as it prevents us from writing/maintaining TLS stuff in the ChartMuseum class/profile and the overhead is probably irrelevant here.

I 'd go with the envoy TLS termination for:

  • consistency's sake
  • one less part of the chartmuseum codebase then we end up exercising and having to deal with in terms of maintenance, bugs, etc.

Storage:
It would be nice to have ChartMuseum active/active and it supports Swift as backend. I've asked @fgiunchedi about the multi-dc swift cluster that is used for thanos.

If that's not possible for whatever reasons (mostly reliability I guess), we would need to go active/passive and periodically sync the charts between the DCs.

@akosiaris what do you think?

/me hopes we do active/active as it sounds preferable on our side.

JMeybohm closed subtask T256020: Access to the thanos-swift cluster for ChartMuseum as Resolved.Jun 26 2020, 3:25 PM
JMeybohm added a comment.Jun 26 2020, 3:31 PM

Turns out our swift cluster does only support Swift V1 Auth, which ChartMuseum does not. I've tried the S3 API as well but that only supports "v2 signatures" which ChartMuseum ... does not (because the official aws-sdk-go only supports v4 signatures).

Fortunately the library ChartMuseum uses for OpenStack/Swift, supports V1 Auth (although not "automatically" as v2 and v3). Implementation looked pretty straight forward, so I ended up with:

gerritbot added a comment.Jun 26 2020, 6:13 PM

Change 608088 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/debs/chartmuseum@master] Add patches for swift auth and bind interface

https://gerrit.wikimedia.org/r/608088

gerritbot added a comment.Jul 2 2020, 8:42 AM

Change 608088 merged by jenkins-bot:
[operations/debs/chartmuseum@master] Add patches for swift auth and bind interface

https://gerrit.wikimedia.org/r/c/operations/debs/chartmuseum/ /608088

Stashbot added a comment.Jul 2 2020, 9:28 AM

Mentioned in SAL (#wikimedia-operations) [2020-07-02T09:28:46Z] <jayme> imported chartmuseum_0.12.0-2 to buster-wikimedia - T253843

gerritbot added a comment.Jul 2 2020, 9:30 AM

Change 606956 merged by JMeybohm:
[operations/puppet@production] chartmuseum: Add initial module, profile and role

https://gerrit.wikimedia.org/r/c/operations/puppet/ /606956

gerritbot added a comment.Jul 2 2020, 10:07 AM

Change 609121 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[labs/private@master] secret: add dummy key for helm-charts (chartmuseum)

https://gerrit.wikimedia.org/r/c/labs/private/ /609121

gerritbot added a comment.Jul 2 2020, 10:10 AM

Change 609122 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] Add certificate for helm-charts (chartmuseum)

https://gerrit.wikimedia.org/r/c/operations/puppet/ /609122

gerritbot added a comment.Jul 2 2020, 2:17 PM

Change 609164 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/dns@master] Introduce chartmuseum[12]001

https://gerrit.wikimedia.org/r/c/operations/dns/ /609164

gerritbot added a comment.Jul 2 2020, 2:17 PM

Change 609165 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/dns@master] Add helm-charts discovery records

https://gerrit.wikimedia.org/r/c/operations/dns/ /609165

gerritbot added a comment.Jul 3 2020, 7:52 AM

Change 609121 merged by JMeybohm:
[labs/private@master] secret: add dummy key for helm-charts (chartmuseum)

https://gerrit.wikimedia.org/r/609121

gerritbot added a comment.Jul 3 2020, 7:52 AM

Change 609122 merged by JMeybohm:
[operations/puppet@production] Add certificate for helm-charts (chartmuseum)

https://gerrit.wikimedia.org/r/609122

gerritbot added a comment.Jul 3 2020, 7:52 AM

Change 609164 merged by JMeybohm:
[operations/dns@master] Introduce chartmuseum[12]001

https://gerrit.wikimedia.org/r/609164

JMeybohm mentioned this in rLPRId3a1da9e320b: secret: add dummy key for helm-charts (chartmuseum).Jul 3 2020, 7:54 AM
JMeybohm closed subtask T256970: Site: eqiad/codwf each 1 VM for helm-charts.wikimedia.org (chartmuseum) as Resolved.Jul 6 2020, 10:28 AM
gerritbot added a comment.Jul 6 2020, 10:32 AM

Change 609760 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] Switch role for chartmuseum hosts to chartmuseum

https://gerrit.wikimedia.org/r/609760

gerritbot added a comment.Jul 6 2020, 12:54 PM

Change 609781 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[labs/private@master] Add fake secrets for chartmuseum

https://gerrit.wikimedia.org/r/609781

gerritbot added a comment.Jul 6 2020, 12:55 PM

Change 609781 merged by JMeybohm:
[labs/private@master] Add fake secrets for chartmuseum

https://gerrit.wikimedia.org/r/609781

JMeybohm mentioned this in rLPRI2bd6a5247ec0: Add fake secrets for chartmuseum.Jul 6 2020, 12:57 PM
gerritbot added a comment.Jul 6 2020, 1:45 PM

Change 609785 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[labs/private@master] Fix chartmuseum hiera path (common/profile -> role/common)

https://gerrit.wikimedia.org/r/609785

gerritbot added a comment.Jul 6 2020, 1:46 PM

Change 609785 merged by JMeybohm:
[labs/private@master] Fix chartmuseum hiera path (common/profile -> role/common)

https://gerrit.wikimedia.org/r/609785

JMeybohm mentioned this in rLPRIde198ee862a0: Fix chartmuseum hiera path (common/profile -> role/common).Jul 6 2020, 1:47 PM
gerritbot added a comment.Jul 6 2020, 1:49 PM

Change 609760 merged by JMeybohm:
[operations/puppet@production] Switch role for chartmuseum hosts to chartmuseum

https://gerrit.wikimedia.org/r/609760

gerritbot added a comment.Jul 6 2020, 2:41 PM

Change 609792 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] chartmuseum: Ensure envoy connects via IPv4

https://gerrit.wikimedia.org/r/609792

JMeybohm updated the task description. (Show Details)Jul 6 2020, 4:18 PM
gerritbot added a comment.Jul 6 2020, 4:19 PM

Change 609792 merged by JMeybohm:
[operations/puppet@production] chartmuseum: Ensure envoy connects via IPv4

https://gerrit.wikimedia.org/r/609792

gerritbot added a comment.Jul 6 2020, 5:42 PM

Change 609829 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] prometheus: Switch chartmuseum scrape target to HTTPS

https://gerrit.wikimedia.org/r/609829

gerritbot added a comment.Jul 6 2020, 5:45 PM

Change 609829 merged by JMeybohm:
[operations/puppet@production] prometheus: Switch chartmuseum scrape target to HTTPS

https://gerrit.wikimedia.org/r/609829

gerritbot added a comment.Jul 7 2020, 9:55 AM

Change 609984 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] chartmuseum: fix typo in config template

https://gerrit.wikimedia.org/r/609984

gerritbot added a comment.Jul 7 2020, 9:56 AM

Change 609984 merged by JMeybohm:
[operations/puppet@production] chartmuseum: fix typo in config template

https://gerrit.wikimedia.org/r/609984

JMeybohm moved this task from API Gateway ๐ŸฅŒ to Doing ๐Ÿ˜Ž on the serviceops board.Jul 7 2020, 2:50 PM
gerritbot added a comment.Jul 7 2020, 3:00 PM

Change 609403 had a related patch set uploaded (by JMeybohm; owner: Alexandros Kosiaris):
[operations/puppet@production] Add discovery records for chartmuseum

https://gerrit.wikimedia.org/r/609403

JMeybohm mentioned this in T257333: CI pipeline/job to build and release helm chart artifacts.Jul 7 2020, 3:55 PM
JMeybohm updated the task description. (Show Details)Jul 17 2020, 10:09 AM
gerritbot added a comment.Jul 17 2020, 1:37 PM

Change 613634 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] modules/systemd: Allow to define EnvironmentFile for timers

https://gerrit.wikimedia.org/r/613634

gerritbot added a comment.Jul 17 2020, 1:37 PM

Change 613635 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] charmuseum: Add systemd timer to package and push charts

https://gerrit.wikimedia.org/r/613635

gerritbot added a comment.Jul 27 2020, 8:25 AM

Change 609165 merged by JMeybohm:
[operations/dns@master] Add helm-charts discovery record

https://gerrit.wikimedia.org/r/609165

gerritbot added a comment.Jul 27 2020, 9:04 AM

Change 616447 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] ATS: Add backend for helm-charts.wikimedia.org

https://gerrit.wikimedia.org/r/616447

gerritbot added a comment.Jul 27 2020, 11:00 AM

Change 616447 merged by JMeybohm:
[operations/puppet@production] ATS: Add backend for helm-charts.wikimedia.org

https://gerrit.wikimedia.org/r/616447

gerritbot added a comment.Jul 27 2020, 11:02 AM

Change 613634 merged by JMeybohm:
[operations/puppet@production] modules/systemd: Allow to define EnvironmentFile for timers

https://gerrit.wikimedia.org/r/613634

gerritbot added a comment.Jul 27 2020, 11:02 AM

Change 613635 merged by JMeybohm:
[operations/puppet@production] chartmuseum: Add systemd timer to package and push charts

https://gerrit.wikimedia.org/r/613635

gerritbot added a comment.Jul 27 2020, 11:22 AM

Change 616473 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] chartmuseum: Run timer command (ExecStart) in a shell

https://gerrit.wikimedia.org/r/616473

gerritbot added a comment.Jul 27 2020, 12:03 PM

Change 616473 merged by JMeybohm:
[operations/puppet@production] chartmuseum: Run timer command (ExecStart) in a shell

https://gerrit.wikimedia.org/r/616473

gerritbot added a comment.Jul 30 2020, 12:54 PM

Change 617455 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] chartmuseum: Fix inverted hostname and IP

https://gerrit.wikimedia.org/r/617455

gerritbot added a comment.Jul 30 2020, 12:59 PM

Change 617455 merged by JMeybohm:
[operations/puppet@production] chartmuseum: Fix inverted hostname and IP

https://gerrit.wikimedia.org/r/617455

JMeybohm closed subtask T259221: chartmuseum GET /api/production/charts failing after some time as Resolved.Jul 30 2020, 1:10 PM
gerritbot added a comment.Jul 31 2020, 8:14 AM

Change 617652 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/deployment-charts@master] Switch helmfiles to use chartmuseum repository

https://gerrit.wikimedia.org/r/617652

gerritbot added a comment.Jul 31 2020, 9:12 AM

Change 617659 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] chartmuseum: Change repository name to stable

https://gerrit.wikimedia.org/r/617659

gerritbot added a comment.Jul 31 2020, 9:18 AM

Change 617659 merged by JMeybohm:
[operations/puppet@production] chartmuseum: Change repository name to stable

https://gerrit.wikimedia.org/r/617659

gerritbot added a comment.Jul 31 2020, 10:07 AM

Change 617673 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] helm: Allow multiple helm repositories

https://gerrit.wikimedia.org/r/617673

gerritbot added a comment.Jul 31 2020, 12:18 PM

Change 617673 merged by JMeybohm:
[operations/puppet@production] helm: Allow multiple helm repositories

https://gerrit.wikimedia.org/r/617673

gerritbot added a comment.Jul 31 2020, 12:23 PM

Change 617693 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/deployment-charts@master] Remove the repository definition from helmfiles

https://gerrit.wikimedia.org/r/617693

gerritbot added a comment.Jul 31 2020, 12:23 PM

Change 617694 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/deployment-charts@master] changeprop: Update repository URL in requirements

https://gerrit.wikimedia.org/r/617694

gerritbot added a comment.Jul 31 2020, 12:23 PM

Change 617695 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/deployment-charts@master] eventgate: Update repository URL in requirements

https://gerrit.wikimedia.org/r/617695

gerritbot added a comment.Jul 31 2020, 12:29 PM

Change 617652 merged by jenkins-bot:
[operations/deployment-charts@master] Remove the repository definition from helmfiles

https://gerrit.wikimedia.org/r/617652

gerritbot added a comment.Jul 31 2020, 12:40 PM

Change 617699 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/deployment-charts@master] mathoid: Change staging chart back to stable

https://gerrit.wikimedia.org/r/617699

gerritbot added a comment.Jul 31 2020, 2:12 PM

Change 617699 merged by jenkins-bot:
[operations/deployment-charts@master] mathoid: Change staging chart back to stable

https://gerrit.wikimedia.org/r/617699

gerritbot added a comment.Jul 31 2020, 2:12 PM

Change 617693 merged by jenkins-bot:
[operations/deployment-charts@master] Remove the repository definition from helmfiles

https://gerrit.wikimedia.org/r/617693

gerritbot added a comment.Aug 4 2020, 7:22 AM

Change 617695 merged by JMeybohm:
[operations/deployment-charts@master] eventgate: Update repository URL in requirements

https://gerrit.wikimedia.org/r/617695

gerritbot added a comment.Aug 4 2020, 8:47 AM

Change 617694 merged by jenkins-bot:
[operations/deployment-charts@master] changeprop: Update repository URL in requirements

https://gerrit.wikimedia.org/r/617694

gerritbot added a comment.Aug 4 2020, 4:33 PM

Change 618347 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/deployment-charts@master] blubberoid: remove out-dated repositories definition

https://gerrit.wikimedia.org/r/618347

gerritbot added a comment.Aug 4 2020, 4:52 PM

Change 618352 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] releases: Remove deployment-charts repo

https://gerrit.wikimedia.org/r/618352

gerritbot added a comment.Aug 5 2020, 7:45 AM

Change 618347 merged by jenkins-bot:
[operations/deployment-charts@master] blubberoid: remove out-dated repositories definition

https://gerrit.wikimedia.org/r/618347

gerritbot added a comment.Aug 11 2020, 6:40 AM

Change 618352 merged by JMeybohm:
[operations/puppet@production] releases: Remove deployment-charts repo

https://gerrit.wikimedia.org/r/618352

gerritbot added a comment.Aug 11 2020, 6:44 AM

Change 619433 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/deployment-charts@master] Remove helm repo (index.yaml and chart tars) from git

https://gerrit.wikimedia.org/r/619433

gerritbot added a comment.Aug 11 2020, 6:57 AM

Change 619433 merged by jenkins-bot:
[operations/deployment-charts@master] Remove helm repo (index.yaml and chart tars) from git

https://gerrit.wikimedia.org/r/619433

gerritbot added a comment.Aug 11 2020, 7:20 AM

Change 619434 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] releases: Remove absend ressources

https://gerrit.wikimedia.org/r/619434

JMeybohm closed this task as Resolved.Aug 11 2020, 7:24 AM

Finally removed the chart tgz's from git and the mirror from releases. Closing.

gerritbot added a comment.Aug 11 2020, 4:22 PM

Change 619434 merged by Dzahn:
[operations/puppet@production] releases: Remove absent resources

https://gerrit.wikimedia.org/r/619434

dduvall mentioned this in T261346: Modify PipelineLib to work with WMF chart museum.Aug 26 2020, 6:25 PM
gerritbot added a comment.Sep 3 2020, 8:14 AM

Change 623958 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] configmaster: add helm-charts to disc_desired_state.py

https://gerrit.wikimedia.org/r/623958

gerritbot added a comment.Sep 4 2020, 6:53 AM

Change 623958 merged by JMeybohm:
[operations/puppet@production] configmaster: add helm-charts to disc_desired_state.py

https://gerrit.wikimedia.org/r/623958

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. ยท Wikimedia Foundation ยท Privacy Policy ยท Code of Conduct ยท Terms of Use ยท Disclaimer ยท CC-BY-SA ยท GPL ยท Credits